“What would you do if presented with an exhibit
bag containing a mobile phone (which cannot be fully accessed without a SIM
Card) and a SIM Card (which was not inserted and may/may not be associated with
the device) separately and what could the affects be if the SIM Card was
inserted into the mobile phone?”
As Photo Courtesy of https://www.sellesmedical.co.uk/system/images/data/000/012/483/original/SOC100.jpg?1401014807
As there had been no response at the forum to provide
possible answers to the question above I thought I would discuss issues that
could arise.
My first doubt with the question, having read it, is that it
could lead to an impression that tick sheet (multiple-choice) responses would
be sufficient to answer the question. In my view that would be wrong, because
unless the multiple-choice options had been meticulously researched and condensed
to a single accurate word, it is possible the person passing the test could
believe his/her knowledge was sufficient to handle evidence when in fact that
may not be so.
I formed the opinion that this question is better suited to an
essay-style response to flesh-out possibilities the question raises and
identify the knowledge possessed by the person taking the test. Such a test may
produce a failure in knowledge, but not failure of the person taking the test;
trial and error enhances the experience of the person who then has an
opportunity to research the areas of failure.
PREAMBLE
The question raises potential material concerns about the
way the item has been ‘seized’ and, so to speak, ‘bagged’ (evidence/exhibit
bag). The competency and skillsets of those involved in the seizure may come
under scrutiny. The SIO (senior investigating officer) or SO (senior officer) may
need to look at the scheduling of the investigating and seizing team despatched
to site: Scene of Crime (SoC), Warrant to Search, etc. Who was the seizing
officer? What training have they received? Does s/he understand the principles
of avoiding contamination and/or cross-contamination? What if the seizure occurred due to stop and
search? Would the rules be different then?
No, the rules of seizure wouldn’t be different merely the understanding
of the person conducting the seizure how to implement them.
So, what might be the concerns? The question omits to
identify
(a)
comments in the seizure log, contemporaneous witness
statement and/or photographs of found items at site?
(b)
whether the handset has SIM/s (don’t forget
dual-SIM handsets) already inserted?
(c)
whether the handset battery is connected or
loose in the bag?
(d)
if the is battery still connected is the handset
switched ON/OFF when seized?
(e)
if switched ON, what network ICONs etc., were
visible?
(f)
did the seizing officer switch ON/OFF the handset
or was the handset allowed to drain the battery’s charge naturally?
(g)
if the battery is loose in bag, did the seizing
officer remove battery or was it found that way?
(h)
if battery removed from handset does it reveal the
SIM slot/s are empty or in use in the battery well?
(i) does the handset have a SIM slot on the side of the handset and is the SIM slot gate open or closed?
At this stage in the discussion you may think the above
questions are enough? Well they are not. The evidence/exhibit bag should not be
opened by the examiner and further considerations on the mind of the examiner might
be to ascertain if possible whether an immediate link can be seen between the
handset and loose SIM card in the evidence/exhibit bag?
(j)
logo on handset and SIM card; is there a
connection?
(k)
SIM Serial Number (SSN); check out mobile operator
ID?
(l)
SIM form factor; size 1FF, 2FF, 3FF, 4FF or
ID-1, plug-in size, micro-card, nano-card?
(m)
make/model of handset; which SIM form factor
does it use?
(n)
if battery is loose in bag; is the battery even
associated with the handset?
Yet a further potential point to raise is whether the Lab
Manager or Section Leader immediately grasp the significance of the contents in
evidence/exhibit bag?
(o)
at goods-inwards point of delivery?
(p)
was the person delivering the evidence able to
provide supporting details?
(q)
if not, have enquiries be made to the client for
supporting details?
(r)
has the evidence/exhibit bag just been handed
over to the examiner to get on with it?
The chain of custody (from hand-to-hand) also requires discussion
in this essay, which started out looking where seizure began through to delivery
to the examiner. Examiners may find there is an elliptical procedure needed to
be adhered to where initial seizure is faultless and alteration has occurred
down the line.
Prior to receipt of the evidence/exhibit bag and its
contents it is quite possible the exhibits themselves have been previously
examined. This is in case of being subjected to the analysis of:
(s)
fingerprinting
(t)
DNA
(u) drugs
(v)
GSR
Could it be the case (during these process (s)-(v)) the
items that were separately seized have accidently now been co-located in the
same evidence/exhibit bag? Problematical where evidence has been
cross-contaminated is that it may cause a miscarriage to any effective results obtained
during examination processes and procedures. Moreover, it might give weight to
a confession through false belief the items belonged together. That may happen long
before any test of admissibility of the evidence begins.
Lastly, an examiner should check in-house Standard Operating
Procedures (SOPs), such as:
(w)
Any Laboratory General and Standard SOPS
(x)
Any General Guidance on Mobile Phone Examination
SOPS
(y)
SIMLESS HANDSET Examination SOPS
(z)
Any other consideration SOPS
SUMMARY ONE
This essay discussion has been an exercise into possible implications
arising from the conditions set out in a proposed theoretical question.
It may not be immediately obvious but prior to delving into
examinations based upon ‘if’ or ‘if not’ scenarios establishing the seizure
procedure and chain of custody are safe to rely on (at first instance) might be
necessary? This might require checking
(#1) seizure and bagging
(#2) transport and quarantine
(#3) previous examinations
(#4) goods inwards to testing laboratory
Such an approach could be underpinned by establishing
principles stated in the Laboratory’s SOPS and escalated for consideration to
management prior to opening the evidence/exhibit bag and commencing any inspection
and examination of the items inside.
This essay discussion is not complete because a
second analysis and summary is required to deal with the potential implications
of inserting the loose SIM card into the handset inside the evidence/exhibit
bag. This is dealt with in Contaminated Evidence TWO which can be found here: http://trewmte.blogspot.co.uk/2017/04/contaminating-evidence-two.html
No comments:
Post a Comment